response returns errors when signer2 provided but signing fails

kolide · Apr 18, 2024 · 94b3d5a · 94b3d5a
1 parent 1592b86
commit 94b3d5a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/pkg/challenge/challenge.go b/pkg/challenge/challenge.go
@@ -97,8 +97,10 @@ func (o *OuterChallenge) Respond(signer crypto.Signer, signer2 crypto.Signer, re
 
 	var signature2 []byte
 	if signer2 != nil {
-		//nolint: errcheck - we allow nil signer2
-		signature2, _ = echelper.SignWithTimeout(signer2, innerResponse, signingTimeoutDuration, signingTimeoutInterval)
+		signature2, err = echelper.SignWithTimeout(signer2, innerResponse, signingTimeoutDuration, signingTimeoutInterval)
+		if err != nil {
+			return nil, fmt.Errorf("signing challenge 2: %w", err)
+		}
 	}
 
 	sealed, pub, err := echelper.SealNaCl(innerResponse, &o.innerChallenge.PublicEncryptionKey)

diff --git a/pkg/challenge/response.go b/pkg/challenge/response.go
@@ -38,9 +38,6 @@ func (o *OuterResponse) Open(privateEncryptionKey *[32]byte) (*InnerResponse, er
 
 	// no sig 2 provided, return what we have
 	if o.Sig2 == nil || len(o.Sig2) <= 0 {
-		// if there is no sig2, set public signing key 2 to nil just in case so that
-		// the consumer does not falsely assume it was used to perform a signature
-		innerResponse.PublicSigningKey2 = nil
 		return &innerResponse, nil
 	}